Commit d81d2285 authored by Martin Willi's avatar Martin Willi Committed by David S. Miller

xfrm: Accept XFRM_STATE_AF_UNSPEC SAs on IPv4/IPv6 only hosts

Installing SAs using the XFRM_STATE_AF_UNSPEC fails on hosts with
support for one address family only. This patch accepts such SAs, even
if the processing of not supported packets will fail.
Signed-off-by: default avatarMartin Willi <martin@strongswan.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 29fa0b30
...@@ -2022,8 +2022,9 @@ int xfrm_init_state(struct xfrm_state *x) ...@@ -2022,8 +2022,9 @@ int xfrm_init_state(struct xfrm_state *x)
x->inner_mode = inner_mode; x->inner_mode = inner_mode;
} else { } else {
struct xfrm_mode *inner_mode_iaf; struct xfrm_mode *inner_mode_iaf;
int iafamily = AF_INET;
inner_mode = xfrm_get_mode(x->props.mode, AF_INET); inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
if (inner_mode == NULL) if (inner_mode == NULL)
goto error; goto error;
...@@ -2031,22 +2032,17 @@ int xfrm_init_state(struct xfrm_state *x) ...@@ -2031,22 +2032,17 @@ int xfrm_init_state(struct xfrm_state *x)
xfrm_put_mode(inner_mode); xfrm_put_mode(inner_mode);
goto error; goto error;
} }
x->inner_mode = inner_mode;
inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6); if (x->props.family == AF_INET)
if (inner_mode_iaf == NULL) iafamily = AF_INET6;
goto error;
if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
xfrm_put_mode(inner_mode_iaf);
goto error;
}
if (x->props.family == AF_INET) { inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
x->inner_mode = inner_mode; if (inner_mode_iaf) {
if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
x->inner_mode_iaf = inner_mode_iaf; x->inner_mode_iaf = inner_mode_iaf;
} else { else
x->inner_mode = inner_mode_iaf; xfrm_put_mode(inner_mode_iaf);
x->inner_mode_iaf = inner_mode;
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment